General
- Target: file.exe
- Size: 264KB
- Sample: 230504-cey6babe6z
- MD5: 3b5d5728a6d74a0f0f48c5c943443b74
- SHA1: d57fb768113b969396996a88681d42c4d4c227bd
- SHA256: 3b3f397dd74ad22804f323c0bb49e3d99ac5a5423d0b3787a3bd71fc8abe9e6e
- SHA512: 32befa076f7e9daff2f271244a8bb54ceacff5f04141b32860dc30ebd81d6ca38693a6c1e9ef037268310d046fbac81702c72817e68ac3f3d9046e8a3516053f
- SSDEEP: 3072:3lM2SprixzpyHisBXhylChgU1mY0G31CFEnttis57xc0MMIECuiZQE0/uWm:KVk94His5hAXymJ06S+06ECui501m
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: file.exe
  - Resource: win7-20230220-en
Malware Config
- Extracted: tofsee
  - vanaheim.cn
  - jotunheim.name
Targets
- Target: file.exe
  - Size: 264KB
  - MD5: 3b5d5728a6d74a0f0f48c5c943443b74
  - SHA1: d57fb768113b969396996a88681d42c4d4c227bd
  - SHA256: 3b3f397dd74ad22804f323c0bb49e3d99ac5a5423d0b3787a3bd71fc8abe9e6e
  - SHA512: 32befa076f7e9daff2f271244a8bb54ceacff5f04141b32860dc30ebd81d6ca38693a6c1e9ef037268310d046fbac81702c72817e68ac3f3d9046e8a3516053f
  - SSDEEP: 3072:3lM2SprixzpyHisBXhylChgU1mY0G31CFEnttis57xc0MMIECuiZQE0/uWm:KVk94His5hAXymJ06S+06ECui501m
  Signatures
  - XMRig Miner payload
  - Creates new service(s)
  - Modifies Windows Firewall
  - Sets service image path in registry
  - Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  - Deletes itself
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext